Available for senior IAM roles

Senior IAM Engineer
Identity Architecture · Zero Trust · Protocol Engineering

I design and build enterprise identity infrastructure — SCIM provisioning platforms, SSO federation, Zero Trust policy engines, and non-human identity governance. This portfolio is evidence-first: architecture, flows, controls, and working prototypes.

Proof of Work

Eight projects with explicit status and evidence claims. You know exactly what exists and what is pending.

Status: Built · Screenshot pending · Repo pending · Demo pending

SCIM Connector Platform

  • Multi-tenant SCIM v2 platform with self-service tenant and connector setup
  • Bearer token per connector, bcrypt-hashed at rest, display-once pattern
  • /health /ready /metrics endpoints; structured audit log per provisioning event
Status: Built · Repo pending

SCIM v2 Protocol Implementation

  • Full CRUD + PATCH for /Users and /Groups resources
  • ServiceProviderConfig, Schemas, ResourceTypes discovery endpoints
  • RFC 7644 filter support: userName, email, externalId
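Added example, not the project's implementation: the two request-handling paths a SCIM server gets wrong most often are the RFC 7644 filter on lookup (IdPs query `userName eq "..."` or `externalId eq "..."` before every create, and string comparison is case-insensitive unless the attribute is caseExact) and PATCH, where op names arrive in mixed case and some IdPs send `active` as the string "False". The resources, the supported filter subset (clauses joined by `and`, no parentheses, `or`, or bracketed value filters) and the simple-path PATCH handling are assumptions for illustration.

```python
"""SCIM v2 (RFC 7644) request handling: filter evaluation and PATCH application.

Added example; it is not the project's code. Resources below are constructed.
"""
import re
from typing import Any, Callable, List, Optional

USERS = [  # constructed sample /Users resources
    {"id": "1", "userName": "bjensen@example.com", "externalId": "ext-100", "active": True,
     "emails": [{"value": "bjensen@example.com", "primary": True}]},
    {"id": "2", "userName": "jsmith@example.com", "externalId": "ext-200", "active": True,
     "emails": [{"value": "js@example.org"}]},
]

# One clause: attrPath op ["value"] [and ...]; quoted values may contain \" escapes.
_CLAUSE = re.compile(
    r'\s*([\w.]+)\s+(eq|ne|co|sw|ew|pr)(?:\s+"((?:[^"\\]|\\.)*)")?\s*(and\s+)?', re.IGNORECASE)


def _get(resource: dict, path: str) -> Any:
    """Resolve a dotted attribute path; a multi-valued complex attribute yields a list."""
    cur: Any = resource
    for part in path.split("."):
        if isinstance(cur, list):
            cur = [c.get(part) for c in cur if isinstance(c, dict)]
        elif isinstance(cur, dict):
            cur = cur.get(part)
        else:
            return None
    return cur


def _compare(op: str, actual: Any, wanted: Optional[str]) -> bool:
    if op == "pr":                                   # "present": a non-empty value exists
        return actual not in (None, "", [])
    if isinstance(actual, list):                     # any sub-value may satisfy the clause
        return any(_compare(op, a, wanted) for a in actual)
    if actual is None:
        return op == "ne"
    # RFC 7644 3.4.2.2: string comparison is case-insensitive unless the attribute is caseExact
    a, w = str(actual).lower(), (wanted or "").lower()
    return {"eq": a == w, "ne": a != w, "co": w in a, "sw": a.startswith(w), "ew": a.endswith(w)}[op]


def compile_filter(expr: str) -> Callable[[dict], bool]:
    """Compile 'clause [and clause]...' into a predicate; anything else is rejected loudly."""
    clauses, pos = [], 0
    while pos < len(expr):
        m = _CLAUSE.match(expr, pos)
        if not m:
            raise ValueError(f"unsupported filter syntax at {expr[pos:]!r}")
        attr, op, val, conj = m.group(1), m.group(2).lower(), m.group(3), m.group(4)
        if (op == "pr") != (val is None):
            raise ValueError(f"operator {op!r} does not take that operand form")
        clauses.append((attr, op, None if val is None else val.replace('\\"', '"')))
        pos = m.end()
        if conj and pos >= len(expr):
            raise ValueError("dangling 'and'")
    if not clauses:
        raise ValueError("empty filter")
    return lambda r: all(_compare(op, _get(r, attr), val) for attr, op, val in clauses)


def search(resources: List[dict], expr: str) -> List[dict]:
    pred = compile_filter(expr)
    return [r for r in resources if pred(r)]


def _coerce(attr: str, value: Any) -> Any:
    # Some IdPs send 'active' as the strings "True"/"False"; normalise to a real boolean.
    if attr == "active" and isinstance(value, str):
        return value.strip().lower() == "true"
    return value


def apply_patch(resource: dict, patch: dict) -> dict:
    """Apply an RFC 7644 3.5.2 PatchOp with simple (non-filtered) paths; returns a new dict."""
    out = dict(resource)
    for operation in patch.get("Operations", []):
        name = str(operation.get("op", "")).lower()   # op names arrive in mixed case
        path, value = operation.get("path"), operation.get("value")
        if name in ("add", "replace"):
            if path is None:                           # no path: value is a partial resource
                if not isinstance(value, dict):
                    raise ValueError("add/replace without path needs an object value")
                out.update({k: _coerce(k, v) for k, v in value.items()})
            else:
                out[path] = _coerce(path, value)
        elif name == "remove":
            out.pop(path, None)
        else:
            raise ValueError(f"unknown PATCH op {name!r}")
    return out
```

Rejecting unsupported filter syntax with a 400 is deliberate: silently returning all users to an IdP that asked for one makes it "find" the wrong account and update it.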
Status: Built · Screenshot pending

Customer Self-Service Portal

  • Tenant creation with isolated connector namespacing
  • Connector token generation with display-once UX
  • Admin/operator cross-tenant dashboard
Status: Built · Documentation

Secure Token Handling

  • bcrypt hash before storage — plaintext never persisted
  • Token display-once: shown at creation, never retrievable again
  • Rotation: revoke and reissue without tenant downtime
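Added example covering the token controls listed for the SCIM Connector Platform and for Secure Token Handling above; it is not the platform's code. The token format `tok_<id>.<secret>`, the in-memory store and the rotation grace window are assumptions. Because a salted hash cannot be looked up, the token carries a public id for the lookup and the secret is verified against the stored hash. bcrypt is used when the package is installed (the page's scheme); otherwise a labelled stdlib scrypt stand-in keeps the example runnable offline.

```python
"""Display-once connector tokens: bcrypt-hashed at rest, rotated with a grace window.

Added example, not the platform's code. Token format, store and grace window are assumptions.
"""
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

try:
    import bcrypt  # the scheme the platform describes; third-party package

    def _hash(secret: bytes) -> bytes:
        return bcrypt.hashpw(secret, bcrypt.gensalt())   # bcrypt reads at most 72 bytes

    def _verify(secret: bytes, digest: bytes) -> bool:
        return bcrypt.checkpw(secret, digest)

except ImportError:  # assumption: stdlib scrypt stand-in so the example runs with no dependencies
    def _hash(secret: bytes) -> bytes:
        salt = os.urandom(16)
        return salt + hashlib.scrypt(secret, salt=salt, n=2 ** 14, r=8, p=1)

    def _verify(secret: bytes, digest: bytes) -> bool:
        salt, want = digest[:16], digest[16:]
        got = hashlib.scrypt(secret, salt=salt, n=2 ** 14, r=8, p=1)
        return hmac.compare_digest(got, want)


@dataclass
class TokenRecord:
    tenant: str
    connector: str
    digest: bytes                        # the only thing persisted; plaintext never is
    created_at: float
    expires_at: Optional[float] = None   # set when a rotation supersedes this token
    revoked: bool = False


def _token_id(presented: str) -> str:
    return presented.split(".", 1)[0].removeprefix("tok_")


class ConnectorTokenStore:
    """In-memory stand-in for the persistence layer (assumption, for illustration)."""

    def __init__(self) -> None:
        self._by_id: Dict[str, TokenRecord] = {}

    def issue(self, tenant: str, connector: str, now: Optional[float] = None) -> str:
        """Mint a token and return the plaintext once; the caller shows it and forgets it."""
        token_id = secrets.token_hex(8)      # public lookup key: salted hashes cannot be indexed
        secret = secrets.token_urlsafe(32)   # 256 bits of entropy, 43 chars, under bcrypt's limit
        self._by_id[token_id] = TokenRecord(
            tenant, connector, _hash(secret.encode()), now if now is not None else time.time())
        return f"tok_{token_id}.{secret}"

    def verify(self, presented: str, now: Optional[float] = None) -> Optional[Tuple[str, str]]:
        """Return (tenant, connector) for a live token, or None; never say why (no oracle)."""
        now = now if now is not None else time.time()
        if "." not in presented:
            return None
        rec = self._by_id.get(_token_id(presented))
        if rec is None or rec.revoked:
            return None
        if rec.expires_at is not None and now >= rec.expires_at:
            return None
        if not _verify(presented.split(".", 1)[1].encode(), rec.digest):
            return None
        return rec.tenant, rec.connector

    def rotate(self, presented: str, grace_seconds: float = 3600,
               now: Optional[float] = None) -> str:
        """Issue a replacement; the old token stays valid for grace_seconds so the IdP can be
        reconfigured without a provisioning outage, then expires on its own."""
        now = now if now is not None else time.time()
        ident = self.verify(presented, now)
        if ident is None:
            raise PermissionError("cannot rotate a token that is not currently valid")
        self._by_id[_token_id(presented)].expires_at = now + grace_seconds
        return self.issue(*ident, now=now)

    def revoke(self, token_id: str) -> None:
        """Immediate kill switch by public id (e.g. a leaked token); no grace window."""
        rec = self._by_id.get(token_id)
        if rec is not None:
            rec.revoked = True

    def persisted_blobs(self) -> List[bytes]:
        return [r.digest for r in self._by_id.values()]
```

Two caveats a reviewer would raise: bcrypt only reads the first 72 bytes of its input, so the secret length must stay under that (43 characters here); and for a 256-bit random secret a slow hash buys little, because the token is not guessable, so a plain SHA-256 at rest is an acceptable and much cheaper alternative when the store must verify thousands of requests per second.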
Status: Built · Screenshot pending

Audit Logging and Metrics

  • Structured JSON events: actor, resource, action, outcome, timestamp
  • Prometheus-compatible /metrics: provisioning counts, error rate, latency
  • /health and /ready for orchestration-layer health checks
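Added example, not the platform's code: one `record` call writes the structured audit event with the fields listed above and updates the aggregates behind `/metrics`, so the two can never disagree. Metric names, bucket boundaries and the sample events are assumptions. The split matters for security operations: per-resource detail and error text go to the audit log, while metric labels stay low-cardinality (tenant, action, outcome), never user names or token ids.

```python
"""Structured audit events plus a hand-rolled Prometheus exposition for /metrics.

Added example, not the platform's code; metric names, fields and sample events are assumptions.
"""
import json
import time
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Metric labels stay low-cardinality (tenant, action, outcome). Per-resource detail, actor ids
# and error text belong in the audit log, never in labels, or the metrics backend blows up.
_BUCKETS = (0.05, 0.1, 0.25, 0.5, 1.0)   # seconds; the "+Inf" bucket is added on render


class Telemetry:
    def __init__(self) -> None:
        self.sink: List[str] = []   # one JSON line per event; real code ships these to a SIEM
        self.count: Dict[Tuple[str, str, str], int] = defaultdict(int)
        self.lat_sum: Dict[str, float] = defaultdict(float)
        self.lat_hist: Dict[str, List[int]] = defaultdict(lambda: [0] * (len(_BUCKETS) + 1))

    def record(self, actor: str, tenant: str, resource: str, action: str, outcome: str,
               seconds: float, reason: Optional[str] = None, now: Optional[str] = None) -> None:
        """Emit the audit event and update the aggregates in one place so they cannot drift."""
        event = {
            "timestamp": now or time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
            "actor": actor, "tenant": tenant, "resource": resource,
            "action": action, "outcome": outcome, "duration_ms": round(seconds * 1000, 1),
        }
        if reason:
            event["reason"] = reason   # SCIM error detail is fine here; bearer tokens never are
        self.sink.append(json.dumps(event, sort_keys=True))
        self.count[(tenant, action, outcome)] += 1
        self.lat_sum[tenant] += seconds
        idx = next((i for i, b in enumerate(_BUCKETS) if seconds <= b), len(_BUCKETS))
        self.lat_hist[tenant][idx] += 1

    def events(self) -> List[dict]:
        return [json.loads(line) for line in self.sink]

    def error_rate(self, tenant: str) -> float:
        total = sum(n for (t, _, _), n in self.count.items() if t == tenant)
        errors = sum(n for (t, _, o), n in self.count.items() if t == tenant and o == "error")
        return errors / total if total else 0.0

    def render_metrics(self) -> str:
        """Prometheus text exposition format; histogram buckets are cumulative by definition."""
        lines = ["# TYPE scim_provisioning_total counter"]
        for (tenant, action, outcome), n in sorted(self.count.items()):
            lines.append(f'scim_provisioning_total{{tenant="{tenant}",action="{action}",'
                         f'outcome="{outcome}"}} {n}')
        lines.append("# TYPE scim_provisioning_duration_seconds histogram")
        for tenant, hist in sorted(self.lat_hist.items()):
            cum = 0
            for le, n in zip([str(b) for b in _BUCKETS] + ["+Inf"], hist):
                cum += n
                lines.append(f'scim_provisioning_duration_seconds_bucket{{tenant="{tenant}",le="{le}"}} {cum}')
            lines.append(f'scim_provisioning_duration_seconds_sum{{tenant="{tenant}"}} {self.lat_sum[tenant]}')
            lines.append(f'scim_provisioning_duration_seconds_count{{tenant="{tenant}"}} {cum}')
        return "\n".join(lines) + "\n"
```

In a real deployment the `prometheus_client` library renders the exposition; writing it by hand here shows what the scraper expects (cumulative `le` buckets, `_sum` and `_count`) and why a per-user label would create one time series per provisioned account.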
Status: Prototype · Documentation

SSO Troubleshooting Workflow

  • SAML POST binding trace: capture, decode, redact, explain
  • OIDC flow analysis: auth code, PKCE, token exchange
  • Failure pattern library: clock skew, wrong ACS URL, expired cert, missing attribute
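Added example of the decode, redact, explain step for a SAML POST binding; it is not the project's tracer. The response below is constructed and unsigned, the expected ACS URL and entityID are assumptions, and the code deliberately does not verify the XML signature (that is the SP's job; a tracer only explains). It covers three of the four listed patterns: clock skew against NotBefore/NotOnOrAfter with a tolerance window, wrong ACS URL via both Destination and Recipient, and a missing attribute. Checking certificate expiry needs an X.509 parser and is left out.

```python
"""SAML 2.0 POST-binding response triage: decode, redact, explain the usual failures.

Added example, not the project's tracer. The response below is constructed and unsigned;
this code explains why a login failed and does NOT verify signatures (the SP must).
"""
import base64
import datetime as dt
import xml.etree.ElementTree as ET  # production: defusedxml, the input is attacker-controlled
from typing import Dict, List, Tuple

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
 IssueInstant="2024-01-01T12:00:00Z" Destination="https://sp.example.com/saml/acs-old">
 <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject>
   <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">bjensen@example.com</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://sp.example.com/saml/acs-old"
     NotOnOrAfter="2024-01-01T12:05:00Z"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:55:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.com/saml/metadata</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="email"><saml:AttributeValue>bjensen@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""


def sample_response() -> str:
    """What the browser would POST as SAMLResponse (base64 of the XML)."""
    return base64.b64encode(SAMPLE_XML.encode()).decode()


def _ts(s: str) -> dt.datetime:
    return dt.datetime.fromisoformat(s.replace("Z", "+00:00"))


def triage(response_b64: str, expected_acs: str, expected_audience: str,
           required_attrs: List[str], now_iso: str, skew_minutes: int = 3
           ) -> Tuple[List[str], Dict[str, object]]:
    """Return (findings, redacted summary). Empty findings means the usual suspects are clear."""
    now, skew = _ts(now_iso), dt.timedelta(minutes=skew_minutes)
    root = ET.fromstring(base64.b64decode(response_b64))
    findings: List[str] = []
    summary: Dict[str, object] = {"issuer": root.findtext("saml:Issuer", default="", namespaces=NS),
                                   "destination": root.get("Destination")}
    dest = root.get("Destination")
    if dest and dest != expected_acs:
        findings.append(f"wrong ACS URL: Destination is {dest}, SP expects {expected_acs}")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        findings.append("IdP status is not Success: " + (code.get("Value") if code is not None else "absent"))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        findings.append("no plaintext Assertion (encrypted, or the IdP returned an error)")
        return findings, summary
    conds = assertion.find("saml:Conditions", NS)
    if conds is not None:
        nb, noa = conds.get("NotBefore"), conds.get("NotOnOrAfter")
        if nb and now + skew < _ts(nb):
            findings.append(f"clock skew: NotBefore {nb} is still in the future at the SP")
        if noa and now - skew >= _ts(noa):
            findings.append(f"expired assertion: NotOnOrAfter {noa} has passed")
        aud = conds.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS)
        if aud and aud != expected_audience:
            findings.append(f"audience mismatch: {aud} vs SP entityID {expected_audience}")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is not None and scd.get("Recipient") not in (None, expected_acs):
        findings.append(f"wrong ACS URL: Recipient is {scd.get('Recipient')}")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    summary["nameid_format"] = name_id.get("Format") if name_id is not None else None
    summary["nameid"] = "<redacted>" if name_id is not None else None   # PII never leaves the trace
    attrs = {a.get("Name"): len(a.findall("saml:AttributeValue", NS))
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    summary["attributes"] = attrs   # attribute names and value counts only; values are redacted
    for name in required_attrs:
        if not attrs.get(name):
            findings.append(f"missing attribute: {name}")
    return findings, summary
```

The summary keeps only what a support engineer needs to explain the failure (issuer, destination, NameID format, attribute names) so the trace can be pasted into a ticket without leaking the subject. A captured SAMLResponse is attacker-controlled input; the stdlib parser is used here for self-containment, but a deployed tracer should parse with defusedxml.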
Status: Prototype · Documentation

Zero Trust Policy Engine

  • Policy: identity active + MFA satisfied + role valid + token valid + risk low + scope assigned
  • Explicit deny with reason logged for every rejected request
  • Decision table: 6 actors including humans and service accounts
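Added example, not the project's engine: the six-condition policy above as a default-deny conjunction of named checks, where a deny returns every failed check as its reason and each decision is appended to an audit record. The six actors, their attributes, and the convention that a service account satisfies the MFA check with an asymmetric credential (private_key_jwt or mTLS) rather than a shared secret are assumptions for illustration.

```python
"""Zero Trust policy evaluation: every check is explicit and every deny carries a reason.

Added example, not the project's engine. Actors and the request are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Context:
    actor: str
    kind: str                 # "human" or "service"
    active: bool              # identity not disabled/deprovisioned
    mfa: bool                 # humans: MFA; services (assumption): asymmetric credential, not a shared secret
    roles: FrozenSet[str]
    token_valid: bool         # signature, audience and expiry already checked upstream
    risk: str                 # "low" | "medium" | "high" from the risk engine
    scopes: FrozenSet[str]


# Ordered so the deny reasons come out in the same order the policy is written.
CHECKS: List[Tuple[str, Callable[[Context, str, str], bool]]] = [
    ("identity_active", lambda c, role, scope: c.active),
    ("mfa_satisfied",   lambda c, role, scope: c.mfa),
    ("role_valid",      lambda c, role, scope: role in c.roles),
    ("token_valid",     lambda c, role, scope: c.token_valid),
    ("risk_low",        lambda c, role, scope: c.risk == "low"),
    ("scope_assigned",  lambda c, role, scope: scope in c.scopes),
]


def decide(ctx: Context, required_role: str, required_scope: str) -> Tuple[str, List[str]]:
    """Default deny: allow only when every check passes; otherwise return all failed checks,
    not just the first, so the audit trail explains the whole gap."""
    failed = [name for name, check in CHECKS if not check(ctx, required_role, required_scope)]
    return ("allow", []) if not failed else ("deny", failed)


def decision_table(actors: List[Context], required_role: str, required_scope: str,
                   audit: List[dict]) -> Dict[str, Tuple[str, List[str]]]:
    """Evaluate one request against every actor, appending a structured audit record each time."""
    rows = {}
    for ctx in actors:
        outcome, reasons = decide(ctx, required_role, required_scope)
        audit.append({"actor": ctx.actor, "actor_kind": ctx.kind,
                      "action": f"{required_role}:{required_scope}",
                      "outcome": outcome, "reasons": reasons})
        rows[ctx.actor] = (outcome, reasons)
    return rows


ACTORS = [  # constructed six-actor table
    Context("alice", "human", True, True, frozenset({"admin"}), True, "low", frozenset({"scim:write"})),
    Context("bob", "human", True, False, frozenset({"admin"}), True, "low", frozenset({"scim:write"})),
    Context("carol", "human", False, True, frozenset({"admin"}), True, "low", frozenset({"scim:write"})),
    Context("dave", "human", True, True, frozenset({"viewer"}), True, "high", frozenset({"scim:write"})),
    Context("svc-okta", "service", True, True, frozenset({"admin"}), True, "low", frozenset({"scim:write"})),
    Context("svc-legacy", "service", True, False, frozenset({"admin"}), False, "low", frozenset()),
]
```

Returning every failed check rather than short-circuiting on the first costs nothing here and is what makes the deny log useful: "bob: mfa_satisfied" is actionable, "bob: denied" is not.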
Status: Prototype · Documentation

Non-Human Identity Governance

  • OAuth2 client credentials lifecycle: creation, rotation, revocation
  • Scope assignment with least-privilege enforcement
  • Over-privilege detection: compare assigned vs used scopes, flag drift
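Added example, not the project's code, for the over-privilege detection described above: assigned scopes from a client registry are compared against the scopes actually granted in tokens over a window, producing three findings per client (assigned but unused, used but never assigned, and a credential past its rotation age). The registry, the log format and the window and age thresholds are assumptions.

```python
"""Non-human identity governance: compare assigned vs. used OAuth2 scopes and flag drift.

Added example, not the project's code. Registry and access-log lines are constructed.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set

# Constructed client registry (what the authorization server would hold per client_id).
CLIENTS = {
    "svc-payroll": {"scopes": {"users:read", "users:write", "groups:read"},
                    "secret_rotated": "2023-06-01T00:00:00Z"},
    "svc-reporting": {"scopes": {"users:read"}, "secret_rotated": "2024-01-10T00:00:00Z"},
}

# Constructed token-issuance log, one JSON object per line, scope as granted in the token.
LOG_LINES = [
    '{"ts":"2024-01-20T09:00:00Z","client_id":"svc-payroll","scope":"users:read"}',
    '{"ts":"2024-01-20T09:05:00Z","client_id":"svc-payroll","scope":"users:read groups:read"}',
    '{"ts":"2024-01-21T10:00:00Z","client_id":"svc-reporting","scope":"users:read users:write"}',
]


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def used_scopes(lines: List[str], since: datetime) -> Dict[str, Set[str]]:
    """Scopes each client actually obtained in tokens issued at or after `since`."""
    used: Dict[str, Set[str]] = defaultdict(set)
    for line in lines:
        ev = json.loads(line)
        if _ts(ev["ts"]) >= since:
            used[ev["client_id"]].update(ev["scope"].split())
    return used


def audit(clients: dict, lines: List[str], now_iso: str,
          window_days: int = 30, max_secret_age_days: int = 90) -> Dict[str, dict]:
    """Per client: unused scopes (over-privilege candidates), scopes granted that were never
    assigned (policy bypass at the token endpoint), and credential age against the rotation SLA."""
    now = _ts(now_iso)
    used = used_scopes(lines, now - timedelta(days=window_days))
    report = {}
    for cid, reg in clients.items():
        assigned, got = set(reg["scopes"]), used.get(cid, set())
        age_days = (now - _ts(reg["secret_rotated"])).days
        report[cid] = {
            "unused": sorted(assigned - got),
            "unassigned_but_used": sorted(got - assigned),
            "secret_age_days": age_days,
            "stale_secret": age_days > max_secret_age_days,
        }
    return report
```

"Unused within the window" is a signal to review, not proof of over-privilege: a scope exercised by a quarterly job looks unused in a 30-day window, so the window should match the longest legitimate cadence before anything is revoked automatically. The `unassigned_but_used` finding is the one to page on; it means the token endpoint granted something the registry never authorised.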

Case Studies

Five deep-dive case studies with architecture, flows, controls, and design reasoning.

Capability Areas

Technical domains covered across this portfolio, with hands-on project evidence for each.

Identity Protocols

  • SCIM v2 (RFC 7644)
  • SAML 2.0
  • OIDC / OAuth 2.0
  • FIDO2 / WebAuthn
  • WS-Federation

Platform Design

  • Multi-tenant SaaS architecture
  • Token lifecycle management
  • Tenant isolation patterns
  • API security design

Identity Lifecycle

  • Joiner / Mover / Leaver flows
  • SCIM provisioning and deprovisioning
  • Role assignment automation
  • Access certification campaigns

Zero Trust and Policy

  • Policy engine design
  • Risk-based access control
  • Continuous verification
  • Adaptive authentication

Non-Human Identity

  • OAuth2 client credentials
  • Service account governance
  • Scope enforcement
  • Credential rotation

Governance and Operations

  • Structured audit logging
  • Prometheus metrics
  • IAM control mapping
  • SOC 2 / NIST alignment

IAM Architecture Stack

The identity and access management stack this portfolio addresses — from IdP integration down to governance and operations.

Identity Providers
Okta · Microsoft Entra ID · Auth0 · Any SCIM-compatible IdP
Federation and SSO
SAML 2.0 · OIDC / OAuth 2.0 · SCIM v2 · WS-Federation
Identity Platform
Policy Engine · SCIM Connector · Token Service · Audit Bus
Access Control
RBAC · Zero Trust Policy · JIT Access · Scope Enforcement
Governance and Ops
Audit Logging · Access Reviews · Metrics / SIEM · Health Monitoring

Portfolio Roadmap

What has been shipped, what is in progress, and what comes next.

✓ Completed

  • Portfolio website — 7 pages, live at portfolio.labsninja.com
  • SCIM Connector case study — architecture, flows, endpoints, controls
  • SSO Tracer case study — failure pattern library, 7 SAML/OIDC patterns
  • Zero Trust decision table — 6-actor policy model with explicit deny
  • Non-Human Identity governance model
  • IAM Control Mapping — 12 controls mapped
  • HTTPS deployment with a Let's Encrypt TLS certificate

↻ In Progress

  • Screenshots — connector UI, audit log, admin dashboard
  • Architecture diagrams — visual flows for SCIM and Zero Trust
  • GitHub repository links — SCIM connector and SSO tracer repos
  • LinkedIn and contact links

□ Planned

  • Interactive Zero Trust policy simulator
  • Live SCIM demo tenant (test provisioning in real-time)
  • Non-human identity dashboard (scope comparison, over-privilege detection)
  • SSO Tracer Chrome extension MVP
  • Downloadable PDF case study pack